Honest question, did we ever get an answer as to what was the cause for the sudden change from the original TrueCrypt developer?
Even if one doesn't want to maintain that project for purely private reasons, recommending BitLocker as the drop-in replacement always made it smell fishy to me.
It's more or less commonly accepted that its creator got jailed for being an arms dealer.
https://en.wikipedia.org/wiki/Paul_Le_Roux
I knew the speculation on him being involved in some capacity, but as the wiki page states, this was never confirmed in any substantial way.
More importantly, if development ceased with no public comment, that would be one thing and may strengthen the "he got arrested" theory. However, there was some final communication, specific recommendations to rely on BitLocker of all things, a new version of TrueCrypt was released solely for decrypting existing disks and then the web page was removed, including a flag set on robots.txt to ensure it wouldn't appear on archive.org. All this concurrent to a crowdfunded source code audit that, in the end, did not find any severe issues or backdoors (I recall some speculation back in the day that either known code quality issues or an intentional backdoor could have caused the exodus).
That all makes it hard to link this to an arrest of the main developer, though I dislike speculation without any hard evidence and if there is no new information, I'll keep this filed under "there is no answer".
I always believed that rather than publicly stating that they were about to be arrested or worse, which may alert regular, non-tech-savvy people, he sent a hidden message in the arguably horrendous recommendation of replacing his tool with BitLocker.
I think he was trying to scream “Run!” without actually screaming “run”.
Wasn’t there something with 7.1A and that the canary was gone after that version too?
> He subsequently admitted to arranging or participating in seven murders, carried out as part of an extensive illegal business empire.
Yikes
Makes you wonder what kind of leverage/information you have to have to only get 25 years for admitting to being involved in 7 murders.
According to Wikipedia, the DEA gave him immunity on additional charges in return for pleading guilty and running a sting against his associates, but before the DEA knew about the murders.
My theory is that Le Roux was just financing the (two?) TrueCrypt developers.
One of the greatest men of our times.
I would also like to know why it is excluded from Archive.org.
https://web.archive.org/web/20260000000000*/https://www.true...
This can be done by Archive.org doing it for whatever reason (asked, on their own, etc) or it can be triggered by the current owner of the domain modifying robots.txt I believe.
Likely chose to shut down rather than bend over, same as Lavabit a year prior. I find it more plausible than the other theory.
I went on a Wikipedia dive and discovered this funny bit regarding the court process surrounding Lavabit and the FBI's desire for the TLS private keys.
> The contempt of court was caused by Levison providing the keys printed in a tiny (4 point) font, which was deemed "largely illegible" by an FBI motion, which went on to complain that "To make use of these keys, the FBI would have to manually input all 2560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data."
(And to be clear, that's all they ever saw of said keys)
> The court ordered Levison to be fined $5,000 a day beginning 6 August until he handed over electronic copies of the keys. Two days later Levison handed over the keys hours after he shuttered Lavabit.
I remember that. That was around the time they were using the National Security Letter to make things happen that were clearly illegal. Now look at where we are at. They are using National Security reasoning for anything.
That's just stupid. Take 10 people, each enters the data independently, compare their versions and select the most common of each character. With 1 second per character they would finish in an hour, coffee break included. They just didn't want to bother.
Fair assumption, but unlike Lava, TC never had customer/user data. The NSL/forced shutdown theories also make little sense to me however, the fork was up by the end of the week and was easy to foresee. Kinda why this fascinates me so much, no theory I ever read survives basic scrutiny. Perhaps some things, we’ll never know.
https://en.wikipedia.org/wiki/Nils_Torvalds#Linux_kernel_sta...
> When my oldest son [Linus Torvalds] was asked the same question: "Has he been approached by the NSA about backdoors?" he said "No", but at the same time he nodded. Then he was sort of in the legal free. He had given the right answer, [but] everybody understood that the NSA had approached him.
So the assumption here is that TC were also asked to accept "contributions" from bioluminescent individuals, and chose not to. "Just use BitLocker" was a deafeningly loud dogwhistle, don't you think?
Agreed, that whole thing was suspicious. I still use TrueCrypt, because of the suspicious nature of how it all went down.